Is it possible to configure two physical Palo Alto 5250s in Active/Standby mode while distributing the load for Vsys across both the physical firewalls?
I have two physical firewalls - PA1 & PA2
I have 6 vsys on each firewall - Vsys1, Vsys2, Vsys3, Vsys4, Vsys5, Vsys6
Is it possible to have the below mentioned setup?
Vsys1 - Active
Vsys2 - Standby
Vsys3 - Active
Vsys4 - Standby
Vsys5 - Active
Vsys6 - Standby
Vsys1 - Standby
Vsys2 - Active
Vsys3 - Standby
Vsys4 - Active
Vsys5 - Standby
Vsys6 - Active
Is there any reference document to achieve this configuration?
Unfortunately, with Active/Passive mode, all virtual systems will be active only on the "active" member. HA is configured at the physical level and not at the virtual level.
If you want to distribute virtual systems across both physical appliances, you need to configure the cluster in Active/Active mode and bind the floating IPs for vsys 1, 3, 5 to Active Primary and for vsys 2, 4, 6 to Active Secondary.
At this link you can find a use case:
Keep in mind that TAC usually suggests A/A mode only in case you have asymmetric routing, mainly when the firewalls are in Virtual-Wire mode.